Grupo de Seguridad de las Tecnologías de la Información y de las Comunicaciones
http://hdl.handle.net/10016/5548
2016-12-09T17:23:44Z

Randomized Anagram Revisited
Pastrana, Sergio; Orfila, Agustín; Estévez-Tapiador, Juan M.; Peris-López, Pedro
http://hdl.handle.net/10016/20945
2016-06-16T01:22:28Z
2014-05-01T00:00:00Z
When compared to signature-based Intrusion Detection Systems (IDS), anomaly detectors present the potential advantage of detecting previously unseen attacks, which makes them an attractive solution against zero-day exploits and other attacks for which a signature is unavailable. Most anomaly detectors rely on machine learning algorithms to derive a model of normality that is later used to detect suspicious events. Such algorithms, however, are generally susceptible to evasion by means of carefully constructed attacks that are not recognized as anomalous. Different strategies to thwart evasion have been proposed in recent years, including the use of randomization to make it somewhat uncertain how each packet will be processed. In this paper we analyze the strength of the randomization strategy suggested for Anagram, a well-known anomaly detector based on n-gram models. We show that an adversary who can interact with the system for a short period of time with inputs of his choosing will be able to recover the secret mask used to process packets. We describe and discuss an efficient algorithm to do this and report our experiences with a prototype implementation. Furthermore, we show that the specific form of randomization suggested for Anagram is a double-edged sword, as knowledge of the mask makes evasion easier than in the non-randomized case. We finally discuss a simple countermeasure to prevent our attacks.

DENDROID: A text mining approach to analyzing and classifying code structures in Android malware families
Suárez-Tangil, Guillermo; Estévez-Tapiador, Juan M.; Peris-López, Pedro; Blasco, Jorge
http://hdl.handle.net/10016/19311
2016-06-16T00:55:50Z
2014-03-01T00:00:00Z
The rapid proliferation of smartphones over the last few years has come hand in hand with an impressive growth in the number and sophistication of malicious apps targeting smartphone users. The availability of reuse-oriented development methodologies and automated malware production tools makes it exceedingly easy to produce new specimens. As a result, market operators and malware analysts are increasingly overwhelmed by the amount of newly discovered samples that must be analyzed. This situation has stimulated research in intelligent instruments to automate parts of the malware analysis process. In this paper, we introduce DENDROID, a system based on text mining and information retrieval techniques for this task. Our approach is motivated by a statistical analysis of the code structures found in a dataset of ANDROID OS malware families, which reveals some parallelisms with classical problems in those domains. We then adapt the standard Vector Space Model and reformulate the modelling process followed in text mining applications. This enables us to measure similarity between malware samples, which is then used to automatically classify them into families. We also investigate the application of hierarchical clustering over the feature vectors obtained for each malware family. The resulting dendrograms resemble the so-called phylogenetic trees for biological species, allowing us to conjecture about evolutionary relationships among families. Our experimental results suggest that the approach is remarkably accurate and deals efficiently with large databases of malware instances.

Security in Social Networks: problems, trends and future challenges (original title: Seguridad en Redes Sociales: problemas, tendencias y retos futuros)
González-Manzano, Lorena; González-Tablas, Ana Isabel; Fuentes, José María de; Ribagorda, Arturo
http://hdl.handle.net/10016/18169
2014-01-24T01:00:15Z
2014-01-23T00:00:00Z
The overwhelming growth of Social Networks (SNs), together with their heavy use, drives their constant research and improvement. However, the use of SNs is not free of security problems and, in particular, of privacy problems. In fact, this is where this work contributes. Based on recent research and trends, a total of ten problems associated with privacy in SNs are presented. In addition, each problem is accompanied by guidelines intended to serve as the basis for future research and development. Finally, the technical difficulty of addressing these problems is analyzed globally, as well as their scope in SNs.
Proceedings of: VII Congreso Iberoamericano en Seguridad Informática (CIBSI), Panama, 29 to 31 October 2013

Security models in Vehicular ad-hoc networks: a survey
Fuentes, José María de; González-Manzano, Lorena; González-Tablas, Ana Isabel; Blasco, Jorge
http://hdl.handle.net/10016/17427
2016-02-23T13:54:39Z
2013-11-01T00:00:00Z
The security and privacy issues of vehicular ad-hoc networks (VANETs) must be addressed before they are implemented. For this purpose, several academic and industrial proposals have been developed. Given that several of them are intended to co-exist, it is necessary that they consider compatible security models. This paper presents a survey on the underlying security models of 41 recent proposals. Four key aspects in VANET security are studied, namely trust in vehicles, trust in infrastructure entities, the existence of trusted third parties and attacker features. Based on the survey analysis, a basic mechanism to compare VANET security models is also proposed, thus highlighting their similarities and differences.